Address has been blocked

Discussion in 'ESET NOD32 Antivirus' started by Echofig, May 21, 2012.

Thread Status:
Not open for further replies.
  1. Echofig

    Echofig Registered Member

    Joined:
    Jun 17, 2009
    Posts:
    10
    When going to www.msn.com users are getting a prompt. Address has been blocked. Version 4.2.76.0 Update 7155.
     
  2. ramirez1

    ramirez1 Registered Member

    Joined:
    Sep 15, 2010
    Posts:
    30
    I'm running the same version and I don't have any problems. Any more details on the message?
     
  3. Echofig

    Echofig Registered Member

    Joined:
    Jun 17, 2009
    Posts:
    10
    This is the address that is in the popup. No reason for block stated.

    b.scorecardresearch.com/b?c1=2c2=3000001c7=http://www.msn.com/c9=rn=1337607384423

    98.174.29.211:80
     
  4. ramirez1

    ramirez1 Registered Member

    Joined:
    Sep 15, 2010
    Posts:
    30
    Actually scorecardresearch.com is being blocked by ESET today. I saw it on a few websites.
     
  5. devicegrip

    devicegrip Registered Member

    Joined:
    May 21, 2012
    Posts:
    6
    Location:
    USA
    I am also getting this address being blocked. If I open IE with 7 different home pages, the pop-up shows up for each one of them (most of them at least). I tried installing Firefox, and using the same websites I get the pop-up. These same home pages work fine on another computer, so installing Firefox does not resolve the issue. Running Malwarebytes and the HouseCall online virus scan does not pick up anything.

    NOD blocks the redirects etc., but does not get the actual virus causing the issue.
     
  6. ramirez1

    ramirez1 Registered Member

    Joined:
    Sep 15, 2010
    Posts:
    30
    Mine is showing HTML/ScrInject.B.Gen virus
     
  7. djackino

    djackino Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    49
    That's one of the ones I am seeing too (along with a.scorecardresearch) on Washington DC all-news radio website.
     
  8. ramirez1

    ramirez1 Registered Member

    Joined:
    Sep 15, 2010
    Posts:
    30
    A few minutes ago ESET was also blocking the main site for me.

    scorecardresearch.com is now working. Other sites that were blocked are now accessible.

    Running v4.2.76.0 Update 7155 (20120521)
     
  9. pyrobane

    pyrobane Registered Member

    Joined:
    May 21, 2012
    Posts:
    3
    Location:
    USA
    I'm seeing alerts for b.scorecardresearch.com as well. They seem to be referencing a beacon.js file.

    My clients are also seeing the HTML/ScrInject.B.Gen virus threat show up on sites like cnet.com and wordpress.com.

    This happens with 4.2.71 (7155).
     
  10. devicegrip

    devicegrip Registered Member

    Joined:
    May 21, 2012
    Posts:
    6
    Location:
    USA
    Did you guys get a screen pop-up that looked like a legit Microsoft notification saying that your computer is infected with 87 viruses, please click here to remove.... (not exact wording but you get the point)?

    The user on my system that has this virus reported that pop-up over the weekend and now is getting the site being blocked by NOD. Why is NOD not removing the HTML/ScrInject.B.Gen virus? I even reset Internet Explorer and all settings. If anyone finds a removal method, please post.
     
  11. devicegrip

    devicegrip Registered Member

    Joined:
    May 21, 2012
    Posts:
    6
    Location:
    USA
    I did notice that once I open IE for the first time, the very first site NOD blocks is scorecardresearch.com./<??>.js ... Then it proceeds to block most other redirects.

    I can't remember the .js file that it blocks (not currently connected to the machine), but maybe someone else is getting the same message. beacon.js could be the file name, but it doesn't look familiar.
     
  12. pyrobane

    pyrobane Registered Member

    Joined:
    May 21, 2012
    Posts:
    3
    Location:
    USA
    One user here reported a similar pop-up but I wasn't able to see it. User restarted and wasn't able to reproduce it.
     
  13. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    The above-mentioned site was removed from the blacklist 1,5 hours before this thread was started.
     
  14. pyrobane

    pyrobane Registered Member

    Joined:
    May 21, 2012
    Posts:
    3
    Location:
    USA
    I've not seen any additional instances of this happening since about that time. Thanks for the response.
     
  15. devicegrip

    devicegrip Registered Member

    Joined:
    May 21, 2012
    Posts:
    6
    Location:
    USA
    I just got a second person reporting the
    "antivirus has blocked the following:
    b.scorecardresearch.com/beacon.js ip 204-141.87.16:80"

    IP address being blocked by NOD. Do you think a reboot will fix this?
     
  16. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    After running an update, it won't be detected. Strange that the block is still reported even though it was fixed in a module update about 4 hours ago.
     
  17. devicegrip

    devicegrip Registered Member

    Joined:
    May 21, 2012
    Posts:
    6
    Location:
    USA
    Is this a false positive and there is nothing to worry about? I have over 400 NOD clients and only 2 have reported this issue so far, which leads me to believe they have a virus of some sort.
     
  18. devicegrip

    devicegrip Registered Member

    Joined:
    May 21, 2012
    Posts:
    6
    Location:
    USA
    Reboot fixed both of my clients with the issue. Thanks for the help Marcos.
     